Hi,
Customer creates security rules between VLAN's with inline layers. In these inline layers the rules are specified for traffic between servers in these VLAN's. All inline layers end with a 'Any' 'Any' 'Drop' rule.
With this method all unwanted traffic is dropped by a 'Drop' rule in one of the inline layers without going through the whole policy before traffic is dropped. This means the clean up rule at the end is almost not used and when they see the clean up rule being hit, they know they made an error in the policy / layers.
So yes, all rules are using inline layers. With the exception of clean up, stealth and some management rules. With almost 260 rules, we hit the 251 limit.
Support mentioned the following limites regarding policies.
Limitation for NAT rules in the policy - 16384.
Limmitaion of the layers in the policy - 251.
Limmitaion of the rules in the policy - No limit.
Regards,
Martijn